CVE-2018-12012

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SXR1130

Description The issue arises during the update of a blacklisting region, where the shared buffered memory region is not validated against the newly updated blacklist. This can compromise the boot-up process in various Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.

Recommendations For each of the affected Qualcomm Snapdragon versions (MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SXR1130), ensure that the blacklisting region update process includes validation of the shared buffered memory region against the updated blacklist to prevent boot-up compromise. At the moment, there is no information about a newer version that contains a fix for this vulnerability.